{"id":"CVE-2021-22898","details":"curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.","aliases":["CURL-CVE-2021-22898"],"modified":"2026-05-16T04:03:02.926667400Z","published":"2021-06-11T16:15:11.043Z","related":["ALSA-2021:4511","SUSE-SU-2021:14735-1","SUSE-SU-2021:14760-1","SUSE-SU-2021:1762-1","SUSE-SU-2021:1763-1","SUSE-SU-2021:1786-1","SUSE-SU-2021:1809-1","openSUSE-SU-2021:0808-1","openSUSE-SU-2021:1762-1","openSUSE-SU-2024:10582-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"9.0"}],"vendor_product":"debian:debian_linux"},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"33"},{"last_affected":"34"}],"vendor_product":"fedoraproject:fedora"},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"1.11.0"}],"vendor_product":"oracle:communications_cloud_native_core_binding_support_function"},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"1.10.0"}],"vendor_product":"oracle:communications_cloud_native_core_network_function_cloud_native_environment"},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"1.15.0"},{"last_affected":"1.15.1"}],"vendor_product":"oracle:communications_cloud_native_core_network_repository_function"},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"1.8.0"}],"vendor_product":"oracle:communications_cloud_native_core_network_slice_selection_function"},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"1.15.0"}],"vendor_product":"oracle:communications_cloud_native_core_service_communication_proxy"},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*"],"extracted_events":[{"fixed":"11.1.2.4.047"},{"introduced":"21.0"},{"fixed":"21.3"}],"vendor_product":"oracle:essbase"},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*"],"extracted_events":[{"fixed":"1.0.1.1"}],"vendor_product":"siemens:sinec_infrastructure_network_services"},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"8.2.0"},{"fixed":"8.2.12"},{"introduced":"9.0.0"},{"fixed":"9.0.6"},{"last_affected":"9.1.0"}],"vendor_product":"splunk:universal_forwarder"}]},"references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5197"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2021/07/21/4"},{"type":"FIX","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"type":"FIX","url":"https://curl.se/docs/CVE-2021-22898.html"},{"type":"FIX","url":"https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde"},{"type":"FIX","url":"https://hackerone.com/reports/1176461"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2022.html"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}]}